third_party/blink/renderer/modules/credentialmanager/credentials_container.cc · e9768e39497754ef00fb4aa82431bc70f7040b85 · eriksson monteiro / tangled

[Secure Payment Confirmation] Random user identifier. · e9768e39

Rouslan Solomakhin authored Oct 20, 2020

Before this patch, creating two payment credentials in Touch ID with
identical instrument display name and relying party would erase the
first credential, so it could no longer be exercised.

This patch uses a random 32 byte array instead of instrument display
name as the user identifier.

After this patch, a relying party can create a large number of payment
credentials with identical instrument display name, so all of them can
still be exercised.

Bug: 1139040
Change-Id: I68895c4b7d6bb64afa1f44e2b30a613ab6293023
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2487220Reviewed-by: Ken Buchanan <kenrb@chromium.org>
Commit-Queue: Rouslan Solomakhin <rouslan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#819053}

e9768e39

credentials_container.cc 53.9 KB

Replace credentials_container.cc